Mobile banking Trojan modifications reach all-time high

Read time 3min 10sec
Mobile banking Trojan modifications on the rise.
Mobile banking Trojan modifications on the rise.

Cybercriminals are continually looking for ways to evade detection and slip through the security net. This was evidenced by the number of installation packages for mobile banking, or modifications that help attackers avoid detection by security solutions and expand their arsenal, growing to over 61 000 in Q2 this year.

According to Kaspersky Lab's Q2 IT Threat Evolution Report, this represents an historic high, an over three-fold growth when compared with Q1 2018, and over double the number of installations found in Q1 2017.

Mobile banking Trojans are designed to steal money directly from mobile users' bank accounts. They are hugely popular with cybercriminals all over the world, who are looking for an easy profit. They are typically disguised as legitimate apps, to trick people into installing them. Once the banking app is launched, the Trojan displays its own interface overlaying the banking app's interface. When the user enters his or her credentials, the Trojan steals the information.

The second quarter of 2018 saw a massive influx of this type of Trojan, rising to 61 045, which is an historic high in all the time that Kaspersky Lab has observed these threats. The authors behind the Hqwar Trojan boasted the majority, or around half of these modifications. Next came Trojan Agent, which had approximately 5 000 modifications.

Kaspersky Lab says the growth in these threats is part of a global trend in the growth of mobile malware, as the overall number of mobile malware installation packages also increased by over 421 000 compared to the previous quarter.

Cause for concern

Victor Chebyshev, security expert at Kaspersky Lab, says the threat landscape in Q2 2018 gives the company cause for concern regarding mobile users' security.

"The overall growth in mobile malware installation packages, especially associated with banking, demonstrates that cybercriminals are constantly creating new modifications to their malicious software, to make it more sophisticated and discreet for cybersecurity vendors to detect. Users and the industry should be extremely cautious and vigilant in the coming months as the trend continues to grow," he adds.

In the second quarter, Kaspersky Lab solutions detected and repelled 962 947 023 malicious attacks from online resources located in 187 countries around the world, representing an over 20% increase against the previous period.

Attempted infections by malware that aims to steal money via online access to bank accounts grew by over 5% in comparison with Q1 2018, with such attacks being registered on 215 762 users' computers.

Jailbreaking, rooting

Kaspersky advises users to take several steps to lower their chance of infection. Firstly, to only install applications from trusted sources, ideally an official app store.

They should also always check permissions requested by the app. If the app asks for permissions it doesn't need, users should be cautious, as this could indicate a dodgy or illegitimate app.

Users are also advised to employ a robust security solution to protect them from malicious software and its actions, and to never click on links or attachments in spam or other unsolicited emails.

Finally, the company advises users to avoid rooting or jailbreaking their phones as this will provide cybercriminals with limitless capabilities. Rooting gives the user privileges to modify the software code on the device or install other software that the manufacturer would otherwise not permit them to.

See also